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Remarks 

Claims 24, 25, 27, 28, 34, 36-38, and 40-45 are pending. 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the 
fee set forth in 37 CFR 1 .17(e), was filed in this application after final rejection. 
Since this application is eligible for continued examination under 37 CFR 1.114, 
and the fee set forth in 37 CFR 1 .1 7(e) has been timely paid, the finality of the 
previous Office action has been withdrawn pursuant to 37 CFR 1 .1 14. 
Applicant's submission filed on 5/7/2010 has been entered. 

Response to Arguments 

2. Applicant's arguments filed 5/7/2010 have been fully considered but they 
are not persuasive. 

Applicant first provides a review of the claimed invention. Next provided is 
Applicant's summary of each reference (Glasser and Nowicki). Applicant then 
argues that "Accordingly, the art of record either singularly or in combination, fail 
to teach or suggest" the first limitations of claim 24 that are newly added in this 
amendment. Applicant provides no basis for this argument, other than to provide 
the non-descriptive block argument that the references do not teach "an act of 
accessing a first access control list, the first access control list defining rights 
based on common security rules that principals are to have in an existing non- 
overlapping zone from among the one or more non-overlapping zones; an act of 
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accessing authentication information that specifies the identity of the principals 
that are to have the rights in the existing non-overlapping zone; an act of 
authenticating the principals by verifying the identity of the principals by using the 
authentication information and by verifying that the principals are to have the 
rights defined in the first access control list". 

Therefore, Applicant's arguments do not comply with 37 CFR 1 .1 1 1 (c) 
because they do not clearly point out the patentable novelty which he or she 
thinks the claims present in view of the state of the art disclosed by the 
references cited or the objections made. Further, they do not show how the 
amendments avoid such references or objections. 

Applicant is directed to the rejections provided below in order to see how 
the references teach the new limitations of the claims. 

Claim Objections 

3. Claims 24 and 34 are objected to because of the following informalities: 
Claim 24 refers to "the new non-overlapping security zones" in the labeling 
limitation, however, only a single new non-overlapping security zone is present 
prior to this point in the claim. For purposes of prior art rejection, this has been 
construed as a singular "the new non-overlapping security zone". Claim 34 has 
the same issue and has been construed in the same fashion. 
Appropriate correction is required. 



Claim Rejections - 35 USC § 101 
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35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

4. Claims 34, 38, 40-43, and 45 are rejected under 35 U.S.C. 101 because 
the claimed invention is directed to non-statutory subject matter. 

Claim 34 is directed to a computer program product comprising "one or 
more computer-readable storage media". Such media are described in the 
application in an open-ended manner using examples. As the definition of a 
computer readable storage medium includes a signal, use of such computer 
readable storage media in the claims includes this interpretation of the media 
being signals. Therefore, as the computer readable storage media of claim 34 
are not inherently physical components (e.g. CD, DVD), the claim is non- 
statutory. In order to overcome this 101 rejection, simply adding "non-transitory" 
before "computer-readable storage media" should be sufficient to make the claim 
statutory. Claims 38, 40-43, and 45 are dependent from claim 34 and do not fix 
the issue with the computer readable storage media. Therefore, claims 38, 40- 
43, and 45 are rejected for the same reasons. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 1 02 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
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said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

5. Claims 24, 25, 27, 28, 34, 36-38, and 40-45 are rejected under 35 U.S.C. 

1 03(a) as being unpatentable over Glasser (U.S. Patent 6,061 ,684) in view of 

Nowicki (U.S. Patent 7,146,377). 
Regarding Claim 24, 

Glasser discloses in a computer system, the computer 
system including system memory, a processor, and a computer- 
readable medium, a data store and a method store being stored on 
the computer-readable medium, the data store and method store 
arranged together in a combined item hierarchy on the computer- 
readable medium, the data store having at least one data item that 
depends from a method in the method store and the method store 
having at least one method that depends from data in the data 
store, the combined item hierarchy being divided into one or more 
non-overlapping security zones, each of the one or more non- 
overlapping security zones being defined as a grouping of one or 
more data items and one or more method items having common 
security rules such that principals with rights to items in a non- 
overlapping security zone can treat all items in the non-overlapping 
security zone uniformly in accordance with common security rules, 
a method of authenticating principal identity and then splitting the 
one or more non-overlapping security zones into a plurality of non- 
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overlapping security zones to facilitate more efficient assignment of 
rights to principals, comprising: 

An act of accessing a first ACL, the first ACL defining rights 
based on common security rules that principals are to have in an 
existing non-overlapping zone from among the one or more non- 
overlapping zones (Column 7, line 41 to Column 8, line 39; and 
Column 9, line 58 to Column 10, line 29; authentication and 
permission checks for administrators, such permissions for 
modifying other permissions; authentication and permission checks 
for a normal user; and/or accessing ACLs for setting permissions 
by an administrator, as examples); 

An act of accessing authentication information that specifies 
the identity of the principals that are to have the rights in the 
existing non-overlapping zone (Column 7, line 41 to Column 8, line 
39; and Column 9, line 58 to Column 1 0, line 29; as just described); 

An act of authenticating the principals by verifying the 
identity of the principals by using the authentication information and 
by verifying that the principals are to have the rights defined in the 
first ACL (Column 7, line 41 to Column 8, line 39; and Column 9, 
line 58 to Column 1 0, line 29; as just described); 

An act of identifying a grouping of data items and method 
items in the combined item hierarchy (Figure 4; and Column 4, lines 
20-35; showing that the hierarchical file system includes files, 
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wherein the files are data files, program files, or other computer 
information files. Hereafter, any time data and method items are 
referenced with respect to Glasser, this citation is pertinent, but will 
not be identified in each instance, in order to provide clear 
reference to pertinent citations) for which new common security 
rules are to be enforced, the identified grouping of data items and 
method items currently included in the existing non-overlapping 
zone, existing common security rules being enforced within the 
existing non-overlapping zone, the new common security rules 
differing from the existing common security rules being enforced 
within the existing non-overlapping zone (Column 7, lines 41-64; 
Column 8, lines 27-39; and Column 8, line 55 to Column 9, line 25; 
a resource is selected, wherein the resource will be given different 
rules than the resource's parent (where the parent has an ACL that 
is inherited by the selected resource) and, likewise, the rest of the 
resources that inherit the ACL of the parent. The change to rights 
will include providing the selected resource with a new ACL, which 
will be propagated and inherited by resources descending from the 
selected resource); 

An act of the processor re-configuring the one or more non- 
overlapping security zones so that rights can be assigned at a 
granularity that is finer than an entire database yet coarse enough 
so as to not require assignment for each item, including: 
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An act of splitting the existing non-overlapping 
security zone into a new non-overlapping security zone and 
a remnant of the existing non-overlapping security zone, the 
arrangement of the new non-overlapping security zone 
relative to the remnant of the existing non-overlapping 
security zone based on the location of the identified grouping 
of data items and method items within the combined item 
hierarchy, the new non-overlapping security zone for 
containing the identified grouping of data items and method 
items, the remnant of the existing non-overlapping security 
zone containing at least one data item or method item from 
the existing non-overlapping security zone, wherein the 
splitting is restricted in such a way as to prevent overlapping 
between security zones and such that none of the data items 
and method items are included in more than one security 
zone (Figure 4; Column 7, lines 41-64; Column 8, lines 27- 
39; and Column 8, line 55 to Column 9, line 25); 
For any principals that had existing rights in the existing non- 
overlapping security zone based on the existing common security 
rules being enforced in the existing non-overlapping security zone 
at the time the existing non-overlapping security zone was split, an 
act of retaining those existing rights in the new non-overlapping 
security zone, including in the identified grouping of data items and 
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method items, subsequent to splitting the existing non-overlapping 
security zone and subsequent to labeling to represent that the 
identified grouping of data items and method items are contained in 
the new non-overlapping security zone (Figures 4-5; Column 7, 
lines 41-64; Column 8, lines 27-39; and Column 8, line 55 to 
Column 9, line 25; in the case of adding a user to the ACL, the 
previous entities listed in the ACL (the ACL inherited from the 
ascendant in this case) will still have access, as that previously 
inherited ACL is copied and then changes are made, such as 
adding users. The new user is additionally provided with access to 
the resource and any resources that inherit the ACL of this 
resource); and 

An act of granting one or more other rights in the new non- 
overlapping security zone to one or more additional principals in 
accordance with the new common security rules, assigning the 
other rights to the new non-overlapping security zone collectively 
granting the other rights to each item in the identified grouping of 
data items and method items through the assignment of the other 
rights to the new non-overlapping security zone, the other rights 
differing from the existing rights (Figures 4-5; Column 7, lines 41- 
64; Column 8, lines 27-39; and Column 8, line 55 to Column 9, line 
25; in the case of adding a user, this new user is provided with 
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rights to the resource and any resources that inherit the ACL of this 
selected resource). 

But does not appear to explicitly disclose labeling each of 
the items in the identified grouping of data items and method items 
with a security zone enumeration corresponding to the new non- 
overlapping security zone to represent that the identified grouping 
of data items and method items are contained in the new non- 
overlapping security zone. 

Nowicki, however, discloses labeling each of the items in the 
identified grouping of data items and method items with a security 
zone enumeration corresponding to the new non-overlapping 
security zone to represent that the identified grouping of data items 
and method items are contained in the new non-overlapping 
security zone (Figures 5 and 7; Column 8, lines 25-54; and Column 
9, lines 1-9; changing partition identifiers and/or directory identifiers, 
for example, to indicate that the item is in a specific/new partition or 
directory); and 

That each non-overlapping security zone can contain both 
method and data items (Column 3, line 61 to Column 4, line 3; 
Column 6, line 48 to Column 7, line 10; and Column 12, lines 26- 
36; showing resources being data and method items, placing a 
slower process in a partition/zone dedicated to slower processes, 
and that each partition may include both data and method items). It 
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would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the partitioning 
techniques of Nowicki into the access control system of Glasser in 
order to allow the system to dynamically arrange and rearrange 
items stored in a file hierarchy in such a manner that they can be 
moved to a partition dedicated to the particular type of item and the 
partitions can be merged in the case that multiple partitions are to 
have the same policies, and/or to allow for explicit designation 
within a file handle for each file/item as to which partition and 
directory the file/item currently resides. 

Regarding Claim 34, 

Claim 34 is a computer program product claim that 
corresponds to method claim 24 and is rejected for the same 
reasons. 

Regarding Claim 25, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses that specifying the one or 
more additional principals is performed by the one or more main 
principals (Column 7, lines 41-54; the user is verified as having 
appropriate permissions for the resource(s)). 

Regarding Claim 38, 
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Claim 38 is a computer program product claim that 
corresponds to method claim 25 and is rejected for the same 
reasons. 
Regarding Claim 27, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses the rights being security 
rights (Column 7, lines 41-64; Column 8, lines 10-39; and Column 
8, line 55 to Column 9, line 25). 
Regarding Claim 40, 

Claim 40 is a computer program product claim that 
corresponds to method claim 27 and is rejected for the same 
reasons. 
Regarding Claim 28, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses the rights being auditing 
rights (Column 7, lines 41-64; Column 8, lines 10-39; and Column 
8, line 55 to Column 9, line 25). 
Regarding Claim 41, 

Claim 41 is a computer program product claim that 
corresponds to method claim 28 and is rejected for the same 
reasons. 
Regarding Claim 36, 
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Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses that the existing common 
security rules comprise a second ACL defining the rights a principal 
has to the items in the remnant of the existing non-overlapping 
security zone (Column 7, lines 41-64; Column 8, lines 10-39; and 
Column 8, line 55 to Column 9, line 25). 

Regarding Claim 42, 

Claim 42 is a computer program product claim that 
corresponds to method claim 36 and is rejected for the same 
reasons. 

Regarding Claim 37, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses that the new common 
security rules comprise a second ACL defining the rights a principal 
has to the items in the new non-overlapping security zone (Column 
7, lines 41-64; Column 8, lines 10-39; and Column 8, line 55 to 
Column 9, line 25). 

Regarding Claim 43, 

Claim 43 is a computer program product claim that 
corresponds to method claim 37 and is rejected for the same 
reasons. 

Regarding Claim 44, 
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Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses that the act of granting 
other rights in the new non-overlapping security zone to one or 
more additional principals in accordance with the new common 
security rules comprises an act of granting a set of rights in the 
non-overlapping security zone to the one or more additional 
principals so as to collectively grant the set of rights to the one or 
more additional principals for each item in the new non-overlapping 
security zone, the set of rights including one or more rights selected 
from among read, write, delete, and execute (Column 7, lines 41- 
64; Column 8, lines 10-39; and Column 8, line 55 to Column 9, line 
25). 

Regarding Claim 45, 

Claim 45 is a computer program product claim that 
corresponds to method claim 44 and is rejected for the same 
reasons. 



Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to JEFFREY D. POPHAM whose telephone 
number is (571 )272-721 5. The examiner can normally be reached on M-F 9:00- 
5:30. 
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If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Emmanuel Moise can be reached on (571)272-3865. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
91 99 (IN USA OR CANADA) or 571 -272-1 000. 

Jeffrey D Popham 

Examiner 

Art Unit 2437 

/Jeffrey D Popham/ 
Examiner, Art Unit 2437 



